What Are You Looking For?

Sign Up

- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200308-02
- - ---------------------------------------------------------------------

          PACKAGE : semi
          SUMMARY : insecure temporary files creation
             DATE : 2003-08-14 19:30 UTC
          EXPLOIT : local
VERSIONS AFFECTED : =semi-1.14.5-r1
              CVE : CAN-2003-0440

- - ---------------------------------------------------------------------

quote from CVE:

"The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and
possibly other versions, allows local users to overwrite arbitrary files
via a symlink attack on temporary files."

SOLUTION

It is recommended that all Gentoo Linux users who are running
app-emacs/semi upgrade to semi-1.14.5-r1 as follows

emerge sync
emerge semi
emerge clean

- - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at   
usata@gentoo.org

Gentoo: semi Insecure temp files

The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 andpossibly other versions, allows local users to overwrite arbitrary filesvia a symlink attack on temporary files...

Summary


- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200308-02
- - ---------------------------------------------------------------------

- - ---------------------------------------------------------------------

quote from CVE:

"The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and
possibly other versions, allows local users to overwrite arbitrary files
via a symlink attack on temporary files."

SOLUTION

It is recommended that all Gentoo Linux users who are running
app-emacs/semi upgrade to semi-1.14.5-r1 as follows

emerge sync
emerge semi
emerge clean

- - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at   
usata@gentoo.org

Resolution

References

Availability

Concerns

Severity
PACKAGE : semi
SUMMARY : insecure temporary files creation
DATE : 2003-08-14 19:30 UTC
EXPLOIT : local
VERSIONS AFFECTED : =semi-1.14.5-r1
CVE : CAN-2003-0440

Synopsis

Background

Affected Packages

Impact

Workaround

Related News

GNOME Linux Systems Exposed to RCE Attacks Via File Downloads

Oct 9, 2023

Pros And Cons Of Linux Programming

Oct 1, 2023

Canonical Unveils Ubuntu 23.10, Focused on Security and App Discovery

Oct 23, 2023

Here's What You Need to Know about the Upcoming Curl Security Patches

Oct 10, 2023

News

Advisories

HOWTOs

Features

Password Guessing as an Attack Vector
Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management

About Us

Powered By

Footer Logo